This repository is under active development. Security fixes are expected to land on the current main development line rather than on multiple maintained release branches.
Please do not open a public issue for an unpatched vulnerability. Instead:
- use a private maintainer contact path if one is available to you
- use GitHub Security Advisories if the repository has them enabled
- include reproduction steps, impact, and any suggested mitigation
Maintainers will try to:
- acknowledge the report
- reproduce the issue
- determine impact and fix priority
- coordinate disclosure after a fix or mitigation is ready
When reporting, clarify whether the issue affects:
- runtime core behavior
- package composition
- host or permission integration
- examples or developer tooling only